Systems and methods for securely monitoring an individual

ABSTRACT

A biometric sensor may be coupled to a portable communications device, such as a cellular telephone. The biometric sensor may be configured to acquire one or more measurements of biological characteristics of an individual. One or more of the measurements may relate to internal, sub-epidermal characteristics of the individual, such as non-volitional processes occurring within the individual, sub-epidermal structures within the individual, or the like. A biometric marker may be derived from one or more of the measurements. The portable communications device may be activated responsive to deriving the biometric marker. The activation may include transmitting the measurements and/or biometric markers derived therefrom to a receiver using the portable communications device.

BACKGROUND OF THE INVENTION

The present invention relates generally to a biometrically activateddevice. More specifically, the invention relates to a biometricallyactivated device capable of authenticating or verifying a user'sidentity based on a unique internal biometric marker, or combination ofunique internal biometric markers, of a user, thereby allowing ordenying access to and/or control over an electronic component.

Security devices have been around for ages. From draw-bridges to lockson doors and furniture, people have attempted to secure their well-beingand personal belongings from harms way. As technological advances weremade, new means of security were created. Door locks require codes todisengage the lock, car doors are equipped with number pads, vehicleignition keys include microchips encoded to communicate with the vehicleso as to prevent theft. Financial transactions have also become moresecure. Currency is more sophisticated in order to thwart copying,credit cards require authentication signatures, bank account accessrequires account numbers, and personal identification numbers are issuedfor everything from calling cards to internet access to stock markettrading accounts.

As technology continues to advance at a rapid rate, the search for moresophisticated, unbreakable, security measures continues. The key to aneffective security system is the identification of the individual orentity attempting to access that which is protected by the securitysystem, be it a home, financial information, or communications.Mechanical keys can be copied, personal identification numbers stolen,and credit cards misused without much trouble. The level of theft isevident from the billions of dollars in fraudulent financialtransactions taking place each year, stolen vehicles, and homebreak-ins. Of particular concern is the relatively new crime wherein apersons ‘identity’ is stolen. In this day and age, a person's identityis closely tied to a bank account number, a phone number, anidentification number, a social security number, or other suchinformation which is easily stolen and then used to access the owner'sinformation or property. When such a crime occurs, the victim suffersfinancial decimation, credit destruction, and countless hours of agonyin attempting to ‘rebuild’ their ‘identity’.

One form of fraud involves electronic transaction fraud, such asfraudulent credit and debit card transactions. Typically, a magneticstrip on one surface of such cards carries an electronic form of aseries of numbers, which identifies the account to be credited ordebited. To execute a financial transaction using such a card, all thatis needed is the series of numbers and authentication that the card isbeing used by the authorized user. Such authorization typically consistsof photo identification or verification of a signature if the card isbeing used in a person to person transaction. Transactions conductedthrough other media, such as the telephone or over the internet, areoften authenticated using some other form of identification, such as thebilling address or phone number of the authorized user of the card.Because this information is often readily available to the public, suchauthentication processes are not very secure.

In the electronic transaction market, efficient identification of peopleis not only very critical, but very difficult, due to the rapid natureof monetary exchanges. In cases of pure electronic transactions, thereis no physical document that acts as a transaction mechanism. Inaddition to this, most electronic transactions are performed from alocation that is remote relative to the funds involved. Theidentification of the holder of the transaction device, such as a creditcard, is the responsibility of the merchant or third party willing toaccept an electronic transaction. Accurate identification andauthentication of the validity of the transaction device is not alwayspossible and, even when obtained, is not always accurate.

The advent of the internet has added an entirely new dimension to theproblems associated with electronic transaction fraud. The internetprovides a medium wherein the user of a transaction device and a thirdparty willing to accept an electronic transfer of funds never have anyactual contact. This creates further authentication problems for thethird party because the transfer device is not physically present, theidentification of the user is not visually apparent, and a telephonenumber cannot be authenticated. As a result of the increased use ofe-commerce, and ensuing authentication difficulties therewith, theincidence of electronic transaction fraud has been on the increase. Inthe immediate future, the opportunity and incidence of fraud willincrease correspondingly unless sufficient security measures capable ofpositively identifying an individual are implemented.

The market has responded to the difficulties of authenticatingelectronic transfer devices, and positively identifying individuals, bysearching for a viable biometric solution to the problems. Biometrictechnology generally involves the electronic identification of anindividual using physiological traits which are unique to that sameindividual. Fingerprints are an excellent example of a biometric markerused for years to provide the unique identification of individuals.Because a fingerprint is unique to an individual, the identity of thatindividual may be determined through an analysis of the fingerprint.Thus, the identity of the individual, determined from a fingerprint, mayact as a ‘key’ to unlock data or allow access through a door.

In particular, fingerprints have been used to secure some transactionsand have been proposed for use in other areas. Many banks require that afinger print or thumb print of a person cashing a check be placed on thecheck. This allows the bank to later verify or identify anyone passingfraudulent checks. Along a similar line, it has been proposed thatAutomated Teller Machines (ATM) be equipped with fingerprint pads toprovide further security to ATM transactions. An ATM having afingerprint pad would require the user to validate their ATM card bywayof their fingerprint. This could be accomplished by inserting the ATMcard into the machine, entering a Personal Identification Number (PIN),and then requiring the user to place their thumb or finger on the pad sothat the ATM machine can analyze the fingerprint and confirm theidentity of the individual using the card. Such a system wouldnecessarily rely on a database built into the ATM or connected to theATM, to provide a list of users and corresponding fingerprintinformation. The fingerprint of the user could be compared to the datain the database to confirm that the ATM card being used did in factbelong to the person associated with the fingerprint placed on thefingerprint pad of the ATM.

Other known biometric markers include palm prints, iris scans,proportional comparison of physical traits, and voice recognition. Forthe most part, these biometric markers, like the fingerprint, areexternal physiological traits or characteristics. Information unique toan individual is gathered through various scanning processes which scana external biometric marker of an individual. A number of United StatesPatents discuss biometric devices which may be used to help identify aperson. Examples of external biometric devices include those describedin U.S. Pat. Nos. 4,537,484; 4,544,267; 4,699,149; 4,728,186; 4,784,484;5,073,950; 5,077,803; 5,088,817; 5,103,486; 5,230,025; and 5,335,288Internal biometric data has also been used to verify that a subject isalive. Such verifications have been accomplished by passively verifyingphysiological process, such as registering electrical impulses (EKG), oractively verifying physiological norms by introducing and capturing amodified signal, such as introducing light energy to determine blood gascontent (pulse oximeter). Examples of such biometric readings aredescribe in U.S. Pat. Nos. 5,719,950; and 5,737,439. The disclosures ofeach of the patents listed above are hereby incorporated by reference.

One of the downfalls of using the devices which are currently availablein the market for analyzing external biometric markers is the cost ofinstalling the necessary scanning devices to provide the requiredsecurity. For each different trait to be tested, whether it is afingerprint, retinal scan, voice print, or the like, a different pieceof expensive scanning equipment is necessary. Installation of suchequipment into machines such as ATMs is economically impractical becauseeach ATM would require the installation of the expensive scanningdevice.

Another downfall of the biometric scanning devices currently availableis their size. The necessary scanning equipment is bulky, making itimpractical to attach the scanning equipment to portable devices such ascell phones, credit cards, personal data assistants, portable computers,and the like.

Further, incompatibility across multiple systems renders the deploymentof standard biometric identification on a wide scale very challenging,if not impossible. In addition, large databases storing the vast amountof data necessary to authenticate biometrically activated transactionsor authentications result in further costs which have heretofore madebiometric identification a poor candidate as a security device for lowlevel or mass produced systems.

The downfalls of the current biometrically activated security systemscan be overcome through the use of portable biometrically activateddevices which only store the biometric profile of a single individual ora small group of individuals. The use of unique internal biometricmarkers, rather than external biometric markers, provides advantageswhich overcome the downfalls of the present biometric scanning devicesused for security and the identification of individuals.

BRIEF SUMMARY OF THE INVENTION

The present invention provides an apparatus and process which utilizesunique internal human biometric markers to verify the identity of theuser of the biometrically activated device or provide access or controlover an electronic component. More specifically, the biometricallyactivated device of the present invention allows non-invasive access toa unique internal biometric marker, or some combination of uniqueinternal biometric markers, and compares the scanned biometric marker toa biometric marker or profile stored within the biometrically activateddevice, thereby attempting to verify the identity of an individual usingthe biometrically activated device. A biometric marker, for the purposesof this invention, is a human internal physiological characteristic, orbiologically active feature, which, preferably, is unique to eachindividual member of the human race. The biometric markers of thepresent invention are not merely measurements of superficial anatomicalstructure, but instead utilize or alternatively include measurements ofphysiological traits of the various systems of the human body and/or arehistological traits associated with tissues of the human body. Inaddition, a unique biometric marker is one which does not significantlyvary over time such that the biometric marker is always unique to theindividual. The device scans a selected body part or biological featureof the user, taking an internal biometric measurement or recordinginternal biometric data from the same.

A biometric profile of the subject attempting to activate thebiometrically activated device may be electronically constructed fromthe data or measurement obtained. The profile, measurement, or data isthen analyzed and compared to a stored biometric profile, or profiles,to determine whether or not the user is authorized to use the device oraccess the information that the biometrically activated device isprotecting. As with a conventional door key, the authorization orverification of a valid user triggers the biometrically activated deviceto unlock certain information or activate or provide access to thatwhich the device is protecting.

In its simplest form, the biometrically activated device comprises abiometric sensor and a memory module. The biometric sensor obtains therequisite internal biometric measurements or data from a user andcompares the measurements or data to a biometric profile stored withinthe memory module. If the biometric profile stored in the memory modulematches the measurements or data obtained from the user of thebiometrically activated device, the biometrically activated deviceprovides access to the data stored within a memory module, triggers thedisengagement of a locking mechanism, or performs a function on amechanical device.

The biometrically activated device transmits or emits energy towards ahuman user. A portion of the emitted energy is reflected back to thebiometrically activated device where it is received. The received signalis then transformed into an electric signal which represents a uniquebiometric profile of the user. The profile may then be compared to abiometric profile stored in the memory module of the biometricallyactivated device. If the user's profile matches a profile stored withinthe memory module, the biometrically activated device is activated or ispermitted to function in the manner in which it is programmed tofunction.

The biometrically activated device can provide a means to controlaccess, secure information, initiate electrical components, or provide ageneral security system. The internal biometric marker or combination ofmarkers scanned is unique to each individual and, thus, difficult orimpossible to otherwise reproduce. Likewise, the biometric profilestored within a biometrically activated device is unique to the device.Without knowledge of the specific internal biometric marker or markersscanned by the biometrically activated device, a biometric profilecannot be reverse engineered or reconstructed so as to activate thebiometrically activated device. In other words, the biometricallyactivated device may scan a user for numerous unique biometric markers,however, without knowing which marker is compared within the memorymodule, reverse engineering is virtually impossible. In this fashion,the biometrically activated device provides superior security featuresover present day security systems.

The biometrically activated device of the present invention focuses oninternal biometric markers unique to a specific individual, instead ofexternal biometric markers, such as fingerprints, or non-uniquebiometric markers, such as blood pulse readings, and overcomes theproblems associated with traditional security systems to provide a moreviable alternative to the external biometric sensors currentlyavailable.

BRIEF DESCRIPTION OF THE DRAWINGS

While the specification concludes with claims particularly pointing outand distinctly claiming that which is regarded as the present invention,the advantages of this invention can be more readily ascertained fromthe following description of the invention when read in conjunction withthe accompanying drawings in which:

FIG. 1 is a schematic of a preferred embodiment of a biometricallyactivated device;

FIG. 2 is a plan view of one embodiment of the biometric device of thepresent invention;

FIG. 3 is a cut-away plan view of the biometric device of FIG. 2;

FIG. 4 is a plan view of the biometric device of FIG. 2 in an activatedstate;

FIG. 5 is a plan view of the back side of the biometric device of FIG.2;

FIG. 6A is a block diagram of a system for securely monitoring anindividual;

FIG. 6B is a block diagram of a portable communications devicecomprising a biometric sensor; and

FIG. 7 is a flow diagram of a method for securely monitoring anindividual.

DESCRIPTION OF THE ILLUSTRATED EMBODIMENTS

Generally, the biometrically activated device of the present inventioncomprises a sensor for sensing or determining certain internal biometricmarkers of a user in communication with a memory module for storingbiometric data or biometric profiles of a user or users corresponding tothe internal biometric markers obtained by the sensor. When a userattempts to activate the biometrically activated device, the biometricsensor creates a biometric profile of the user and compares that profilewith the stored biometric profile of an authorized user. If the user'sprofile does not match the profile of an authorized user, the data orinformation stored within the biometrically activated device isunretrievable. However, if the user's profile matches that of anauthorized user, the biometrically activated device becomes activatedfor a set duration of time, thereby providing access to the data orinformation stored within the biometrically activated device or allowingthe user to operate an apparatus which the biometrically activateddevice protects.

The biometric sensor is configured to determine specific unique internalbiometric markers of a user. In a preferred embodiment of the invention,the sensor includes an emitter and a receiver. The emitter emits lightor another form of energy which is partially absorbed and partiallyreflected by a portion of flesh of a user. Such light or energy mayinclude, but is not limited to, ultrasonic energy, infra red light, nearinfra red light, ultra violet light, specific wavelength-visible ornonvisible light, white light, or electrical signals. The receivercollects those portions of light or energy that are reflected from theuser. Based upon the light or energy reflected, data relating tointernal biometric markers may be determined and a biometric profile ofthe user may be constructed. Some of the internal biometric markerswhich may be measured or determined from the biometric sensor include,but are not limited to, bone density, electromagnetic waves, cardiacrhythms, diacrotic notch readings, blood oxygen levels, capillarydensity, glucose levels, hematocrit levels, or sub-dermal layeranalysis. Other biometric markers, such as bio-electric signals,resistance, impedance, capacitance, or other detectable electricalsignals emanating from the body may also be detected by the sensor andused or combined with the feedback to the receiver to create a biometricprofile of the user.

The biometric sensor may also include an activation device foractivating the biometric sensor so that the biometric sensor is notalways activated. Examples of the biometric sensor portion of thebiometrically activated device of the present invention are more fullyexplained in the examples described below.

The memory module of the biometrically activated device is capable ofreceiving and storing data. The memory module is also capable ofperforming functions on the stored or received data to effectuate thecreation of a biometric profile for a user. A biometric profile is basedupon an internal biometric marker or markers of the user. Energy signalsobtained from the biometric sensor may be converted into electricalsignals which in turn may be converted to a biometric profile based upona mathematical algorithm or transformation. The memory module may alsostore the commands or programming which will allow access to theapparatus being protected, or stored data such as phone numbers, accountcodes, or other information which a user wishes to keep private.Examples of the memory module of the present invention are furtherexplained below.

Because the biometrically activated device is based upon a user'sprofile, the biometrically activated device is at least capable ofaccepting an initial biometric profile corresponding to the desiredauthorized user. The profile may be determined from the first use of thebiometrically activated device or, alternatively, programmed before thefirst use in accordance with predefined biometric profiles.

FIG. 1 illustrates a schematic of the preferred embodiment of thebiometrically activated device of the present invention. The device 50includes a biometric sensor 60 and a memory module 70. The biometricallyactivated device is activated by the contact of a user 80 with thebiometric sensor 60 of the device 50. Preferably, the user 80 willactivate the device 50 by placing a finger on the biometric sensor 60for a period of time sufficient for the biometric sensor 60 to perform ascan of at least one unique internal biometric marker of the user 80. Itis also understood that the device 50 may be remotely activated or maybe maintained in an activated state.

Activation of the device 50 triggers the emission of energy 65 from anemission device 61. The energy 65 is directed towards a user 80 where itis both absorbed and reflected. The portion of energy 65 reflected backat the device 50 is measured by a receiving device 62. The receivingdevice 62 interprets the amount of energy 65 received and converts theenergy into an electrical signal 66 which is communicated to the memorymodule 70 of the device 50. In alternate embodiments, the energyreceived by the receiving device 62 is converted to an electrical signal66 by a translator (not shown).

The memory module 70 receives the electrical signal 66 and begins anauthentication process of comparing an internal biometric marker, ormarkers, of the user 80 with the biometric marker, or markers, of theauthorized users stored in the memory module 70. The characteristics ofthe electrical signal 66 represent the internal biometric marker, ormarkers, which the biometric sensor 60 obtains from the user 80. Thememory module 70 compares the electrical signal 66 to a known biometricprofile 76 stored within the memory module 70. If the electrical signal66 is identical to the known biometric profile 76, the biometricallyactivated device has authenticated the user 80 and allows access to thedata 72 stored within the memory module 70. If the electrical signal 66,is not authenticated, the biometric device 50 denies access to the data72 stored within the memory module 70. Preferably, when access to thedata 72 is denied, the biometric device 50 automatically turns off.

Although the electrical signal 66 may be directly compared to the knownbiometric profile 76, the electrical signal 66 may also be transformedwithin the memory module 70 prior to comparison with the known biometricprofile 76. The electrical signal 66 may be transformed into amathematical representation or value based on algorithms programmed intothe memory module 70. The algorithms typically represent the necessarytransforms needed to interpret the internal biometric marker representedby the electrical signal 66. The mathematical representation or value,which represents the biometric profile of the user 80, is compared to aknown biometric profile 76 stored within the memory module 70. If themathematical representation or value is authenticated, access to thedata 72 stored in the memory module is allowed.

Once accessed, the data 72 stored within the biometric device 50 may bedisplayed in some manner or used to perform an act on another device.For example, the data 72 may be displayed on an output device. Likewise,the data 72 may trigger the execution of a program within the memorymodule 70 such that the memory module 70 causes the actuation of adevice, such as a door lock, in communication with the memory module.Further examples are described herein.

FIG. 2 illustrates another preferred embodiment of a biometricallyactivated device: a credit card. A biometrically activated device is anintegral portion of a biometric device 100, which in this case has thesame shape, size and dimensions as a typical credit card. It isunderstood, however, that the shape, size, and dimensions of the creditcard are not limiting to the invention.

As illustrated, the biometric device 100 includes a biometric sensorhaving a light emitter 112 and a light acceptor 114. The biometricsensor 110 may additionally include an activation device 116 as shown inFIG. 2. Activation of the biometric sensor 110 triggers the lightemitter 112 to emit a light 113. An example of a suitable light emitter112 is a light emitting diode (LED). Various types of LED's oralternative light sources may be substituted as the light emitter 112depending upon the desired wavelength and characteristics of light 113emanating therefrom. The light acceptor 114 can be any device capable ofabsorbing reflected light 113.

In normal use, an individual wishing to use the biometric device 100places a body part, such as a thumb or finger, over the biometric sensor110 such that light 113 emitted from light emitter 112 is directedtoward the body part and is reflected back towards the light acceptor114. Typically, the biometric sensor 110 will include an activationswitch 116 which activates the biometric sensor 110 when a body part isplaced over the biometric sensor 110, and causes light 113 to be emittedfrom the light emitter 112 for a fixed duration of time. Light 113 ispartially absorbed and partially reflected by the body part covering thebiometric sensor 110. Reflected light 113 is monitored by the lightacceptor 114.

A preferred embodiment of the invention utilizes an infra red LED, whichemits sufficient infra red light to penetrate the epidermal layer ofskin of a user. A portion of the infra red light is reflected back tothe light acceptor 114 while the remainder of the light is absorbed orlost. Based upon the amount of light reflected back to the lightacceptor 114 over a period of time, a biometric profile may beestablished. The portion of the light signal received by the lightacceptor 114 is compared to biometric data or a biometric profile storedwithin the biometric device 100. If the light signal is identical to thebiometric profile stored within the biometric device 100, the biometricdevice is activated. Where the light signal does not correspond to thestored biometric data or profile, the biometric device is not activatedand the biometric sensor 110 is temporarily turned off.

Activation of the biometric device 100 requires proper identification ofthe user of the biometric device 100. FIG. 3 depicts a cut-away planview of the biometric device 100 exposing a memory module 120 incommunication with the light acceptor 114 of the biometric sensor 110.The biometric profile of the authorized user is stored within the memorymodule 120. Other data, such as account codes, names, addresses, passcodes, or graphics, may also be stored within the memory module 120.Once a biometric profile of the user is constructed by the biometricsensor 110, the user's biometric profile is compared to the biometricprofile stored within memory module 120. If the user's biometric profilematches that of the biometric profile of the authorized user stored inthe memory module 120, the memory module allows access to at least aportion of the additional data or information stored within the memorymodule 120.

The biometric sensor 110 may also include a translator (not shown) whichinterprets the level of light or energy received by the light acceptor114 and constructs a biometric profile based upon the data received. Thetranslator may also be an integral portion of the light acceptor 114wherein the amount of accepted light is transformed into an electricsignal. The biometric profile is then compared to the biometric data orprofile stored within the memory module 120.

Upon activation of the biometric device 100 of FIGS. 2 and 3, the memorymodule 120 releases the information, such as account information,required to perform an electronic transaction. The information stored inthe memory module 120 maybe released in a number of ways. As illustratedin FIG. 2, only a portion of the account numbers 150 are embossed on thebiometric device 100. In the instant example, a blank liquid crystaldisplay (LCD) 155 is positioned next to the account numbers 150. Uponactivation of the biometric device 100, the memory module 120 activatesthe LCD 155 and communicates the information necessary to display theremaining account numbers 151 on the LCD 155, as illustrated in FIG. 4.Likewise, upon activation of the biometric device 100, the memory module120 may repeatedly send account information to a magnetic transmitter160 on the biometric device, as depicted in FIG. 5. The magnetictransmitter 160 shown in FIG. 5 may reside in the same location occupiedby the magnetic strip of a credit card, such that the biometric device100 may be used in the same manner as a credit card upon activation.

Other methods or devices for communicating the data or informationstored within the memory module 120 may also be used. For example, theLCD 155 could be replaced with LED's or alternative display devices.Likewise, the magnetic transmitter 160 may be replaced with a digitaldevice providing digital signals for a transaction or a light emitterwhich would release the data or information stored in the memory module120 by the emission of visible or non-visible light.

It is intended that the biometric device be self-calibrating. Forexample, the original biometric data or profiles stored in the memorymodule 120 may be calibrated through repetitive use. As thebiometrically activated device is used, the biometric profiles obtainedare averaged such that a specific number of the most recent successfulbiometric readings, offset by the original biometric profile, are usedto create a more complete biometric profile of the authorized user.

As part of the built-in security feature, the biometric device 100 canautomatically deactivate. For example, the memory module 120 may beprogrammed such that, once the user is authenticated and the biometricdevice is activated, the memory module 120 will display the accountnumbers 150 on an LCD 155 and/or repeatedly send account information toa magnetic transmitter 160 for a fixed duration of time. Thus, access tothe information stored within the memory module 120 may be limited to aspecific period of time needed to carry out an electronic transaction.This feature advantageously prevents the unnecessary display of accountnumbers 150 and electronic copying of information permanently stored inmagnetic strips of current credit cards. In addition, because thebiometric device 100 may only be activated by the authorized user,others are prevented from using the biometric device 100 to perform aninvalid transaction.

The biometric device 100 may further include a power source 170 tosupply the necessary energy for the operation of the biometric device100, as depicted in FIG. 3. The power source may be in the form of abattery, a capacitor, a fuel cell, or alternative energy-producing orstorage mechanism. Likewise, the power source may be rechargeable.Examples of alternative power sources include photocells, piezo electricgenerators, static generators, heat absorbers and other power generationmechanisms.

Use of the biometrically activated device of the present invention isnot limited to use in credit cards. For example, a security badge couldemploy the present invention, allowing only the authorized user theability to use the security badge. Likewise, drivers licenses or otheridentification cards using the biometrically activated device wouldguarantee that only the authorized user could properly operate thebiometric device. For example, a drivers license could employ abiometrically activated device. The data on a drivers license, or thepicture of the individual owning the drivers license, stored within thememory module could be displayed upon the proper authentication of theuser of the license.

The biometrically activated device of the instant invention couldadditionally be utilized in cell phones. As cell phones become moreadvanced and more information is stored within the cell phone, it isdesirable to provide a means with which to secure the data storedtherein. As cell phones and Personal Data Assistants (PDA) areintegrated and combined, the need for security will become even moreimperative. In order to protect such devices and restrict access to theauthorized users of the device, a cell phone or PDA (or combinationthereof) could be equipped with the biometrically activated device ofthe present invention. Thus, the cell phone or PDA could only beactivated by the owner or other authorized user of the device.

Additional components connected to the biometrically activated devicealso expand the uses of the device. For example, instead of releasingdata, such as account numbers, the memory module 120 of the device couldbe programmed to actuate a mechanical device, such as a door lock. Thenecessary control codes, or required programming in the biometricallyactivated device allow a user to perform mechanical functions based uponthe proper authentication of the user.

It is understood that the present invention is not limited in use, butrather may be employed in any environment where it is necessary ordesirous to provide an inexpensive and portable security measure whichrestricts use of a device to individuals having certain, programmedbiometric profiles to access data or information stored within thedevice or initiate a process.

Embodiments of the present invention can include, but are not limitedto, card-based products such as credit cards, smart cards, debit cards,ATM access cards, facilities access cards, security cards,identification cards or other card-based products requiring secure useor activation. Also included, for example, are activation mechanisms forproducts such as computers, microcomputers, PDA's (personal dataassistants), cell phones, secure access systems, secure entry systems,software access mechanisms, PIN number replacement, firearm locks,transaction activation, or voting mechanisms. The present invention canadditionally be utilized as a security feature in drivers licenses,passports, theme park passes, safebox access and the like. Furtherexamples include the combination of the present invention with aninteractive display screen or computer device to protect computers orinformation transmitted over the internet. Having thus described certainpreferred embodiments of the present invention, it is understood thatthe invention defined by the appended claims is not to be limited byparticular details set forth in the above description, as many apparentvariations thereof are possible without departing from the spirit orscope thereof as hereinafter claimed.

In some embodiments, the biometric sensor coupled to a communicationsdevice as described above may be used as part of a secure monitoringsystem. The monitoring system may leverage the biometric sensordisclosed herein to obtain measurements of various biologicalcharacteristics of an individual, derive from the measurements one ormore biometric markers, and transmit the biometric markers and/ormeasurements to a monitoring service. The monitoring service may use theinformation to determine the identity of the individual, authenticatethe information, and perform a monitoring function using theinformation. The monitoring function may determine what, if any, actionsshould be taken responsive to a particular set of measurements receivedfrom an individual. In addition, the monitoring function may provide theuser and/or heath care professionals associated with the individual, anindication of the current health state of the individual.

FIG. 6A is a block diagram of a system for securely monitoring anindividual using a biometric sensor coupled to a portable communicationsdevice. The portable communications device 602 includes a biometricsensor 604, which may be configured to measure one or more biologicalcharacteristics of an individual 601. The biometric sensor 604 may beintegrally coupled to the portable communications device 602.Alternatively, the biometric sensor 604 may be detachable (e.g., may beremovable and/or separable from the portable communications device).Several examples of portable communications devices comprisingrespective biometric sensors are described above. The portablecommunications device 602 may comprise a cellular telephone or smartphone, a personal digital assistant, a portable computer, a mediaplayer, or the like.

The biometric sensor 604 may be configured to measure biologicalcharacteristics of the individual 601 in various different ways. In someembodiments, the biometric sensor 604 may include an energy emitter andan energy receiver. An example of this type of biometric sensor 604 isdescribed above in conjunction with FIG. 1. The energy emitter may beconfigured to emit electrical, electro-optical (EO) radiation, or othertypes of energy radiation into the individual 601. In some embodiments,the emitter may be configured to emit infrared and/or near-infraredlight energy into the individual 601. The energy emitter may emit energyconfigured to penetrate the epidermis of the individual 601 to measurean internal, sub-epidermal characteristic of the individual 601, such asa non-volitional process occurring within the user (e.g., a heartbeat,nervous system response, etc.), a sub-epidermal structure within theuser (e.g., a histological characteristic, such as a blood vesselpattern, a skeletal structure, tissue structure, or the like).

The energy emitter may be configured to emit energy of different types(e.g., at various different wavelengths) and/or at various differentorientations and/or angles relative to the individual 601. In someembodiments, the biometric sensor 604 may incorporate multiple energyemitters, each configured to emit a respective type of energy at aparticular location and/or orientation relative to the individual 601.

The biometric sensor 604 may include one or more energy receiversconfigured to detect an energy signal responsive to the emitted energy.The receivers may be configured to detect various different types of EOradiation including, EO radiation, electrical energy, or the like.

In some embodiments, the biometric sensor 604 may leverage existingcomponent of the portable communications device 602. For example, theenergy receiver may be implemented in conjunction with other features ofthe device, such as a camera. For example, the portable communicationsdevice 602 (which may include a cellular telephone, smart phone, a PDA,or the like) may include a camera or other imaging device. The cameramay include an EO capture component, such as a charge-coupled device(CCD) or other EO detector. The biometric sensor 604 may leverage theCCD (or other EO sensor) to detect EO radiation responsive to emissionby the EO emitter. The CCD may be adapted to detect EO radiation of theproper wavelength, which may require a modification of the CCD from thatof a typical camera. In other embodiments, the CCD may be used toaugment another energy sensor (e.g., the camera CCD may be configured tocapture EO radiation in the visible spectrum and the biometric sensor604 may include another sensor configured to capture other types and/orwavelengths of EO radiation). Similarly, the energy emitter of thebiometric sensor 604 may leverage components of the portablecommunications device 602. For example, the portable communicationsdevice 602 may include a flash for the camera, illumination LED toilluminate controls of the device 602, or the like. These variousemitters may be leveraged to emit EO radiation (or other radiationtypes) into the individual 601. Similarly, the communications device 602may include an energy storage device, such as a battery, and may includeone or more electrical contacts or conductive surfaces. The energystorage device may be used to power the biometric sensor 604 (e.g., toallow energy to be emitted into and/or received from or through theindividual 601). The electrical contacts may be used to emit electricalenergy into the individual 601 (e.g., apply a voltage differential to aportion of the individual's body, cause a current to flow though theindividual's tissue, or the like).

Alternatively, or in addition to the active sensor described above, thebiometric sensor 604 may be and/or comprise a passive sensor. A passivesensor may be configured to measure internal, sub-epidermalcharacteristics without emitting energy into the individual 601. Forexample, the biometric sensor 604 may include an electrical contactconfigured to measure a current and/or voltage differential within theindividual 601. Alternatively, the passive sensor may be configured todetect a magnetic field indicative of electrical activity occurringwithin the individual 601. The electrical signal may be indicative of aheartbeat waveform of the individual 601 (e.g., an electrocardiogram),may be related to the individual's nervous system, may be related to theindividual's sensory system, may be a neurological signal, or the like.

As shown in FIG. 6B, the device 602 may include a processing module 607,which may be communicatively coupled to the biometric sensor 604. Theprocessing module 607 may be communicatively coupled to a memory module608, which may comprise computer-readable instructions. The memorymodule 608 may include a disk, memory (e.g., flash memory), or any otherstorage medium known in the art. The processing module 607 and/or thememory module 608 may be shared resources that are used by the portablecommunications device 602 to provide communications and other services,such as, media services (e.g., music player, video viewer, etc.),provide contact information, store photos, provide various applications(e.g., word processing, email, etc.), and the like. Alternatively, or inaddition, the processing module 607 and/or the memory module 608 may bededicated for the use with the biometric sensor 604.

The biometric sensor 604 may include one or more EO emitters 605 and oneor more EO receivers 606, which, as discussed above, may be configuredto emit EO radiation into the individual 601 and detect EO signal(s)responsive thereto. In some embodiments, multiple EO emitters 605 and/orEO receivers 606 may be used provide for stereo imaging of theindividual 601. Alternatively, or in addition, different EO emitters 605and/or EO receivers 606 may be used to emit different types of EOradiation into the individual 601 (e.g., EO radiation of differentwavelengths, intensities, etc.) and/or from different locations and/ororientations for use with different types of individuals 601. Forexample, a first individual 601 may hold the device 602 in his or herright hand, whereas a second individual 601 may hold the device 602 inhis or her left hand, the EO emitters 605 and/or EO receivers 606 may bedistributed on the device 602 to accommodate both types of users. Insome embodiments, the biometric sensor 604 may include one or morepassive sensors (not shown).

The biometric sensor 604 may be configured to transmit to the processingmodule 607, signals representative of the energy signals received by theEO receiver(s) 606 (e.g., using active and/or passive sensors). Thesignals may include analog signals, digital signals, or the like. Theprocessing module 607 may be configured to determine from the signals,measurements of one or more internal, sub-epidermal characteristics ofthe individual 601. Determining the measurements may include analyzingthe signals (e.g., transforming the signals, combining multiple signals,filtering, converting, or the like) to determine the measurements. Forinstance, the biometric sensor 604 may obtain signals responsive tovarious different EO wavelengths, each of which may be adapted to reactwith different portions of tissue and/or fluid within the individual601. In one example, the wavelengths may be selected to detectoxygenated and deoxygenated blood cells within the individual 601. Theprocessing module 607 may combine signals corresponding to energyreceived responsive to the different wavelengths to measure a bloodflow, oxygen level, or other characteristics of the individual 601.Similarly, the processing module 607 may be configured to combinesignals representative of energy signals received responsive to energyemissions obtained at various locations and/or angles relative to theindividual 601. The various signals may be combined to create a model(e.g., a 2D or 3D model) of a blood vessel pattern within the individual601.

The processing module 607 may derive one or more biometric markers fromone or more of the measurements as discussed above. One of the biometricmarkers may be derived from a measurement of an internal, sub-epidermalcharacteristic of the individual 601, such as a non-volitional processoccurring within the individual 601, internal, sub-epidermal structurewithin the individual 601, or the like. Examples, of various biometricmarkers related to various measurements are described above.

In some embodiments, the processing module 607 may determine a biometricmarker that is substantially unique to the individual 601. Theprocessing module 607 may additionally determine one or more biometricmarkers that are not as unique to the individual 601 (e.g., do notuniquely identify the individual 601, but may distinguish the individual601 from some portion of the population). For example, a biometricmarker may merely be indicative that the user is a living human (e.g.,as opposed to an automatic replay device, a non-human spoofing device,non-living human tissue, or the like), the marker may distinguish theindividual 601 from fifty-percent of the population, from eighty-percentof the population, and so on. One or more of the biometric markers maybe used to verify that a unique biometric marker was obtained from aliving human and/or may be used with (e.g., layered with) otherbiometric markers.

After determining the one or more biometric markers, the processingmodule 607 may be configured to activate the portable communicationsdevice 602. Activating the portable communications device 602 mayinclude activating a communications interface 622, which may becommunicatively coupled to the processing module 607 and/or biometricsensor 604. Upon activation, the device 602 may be configured to performa communications function using the communications interface 622, suchas transmitting and/or receiving data on a network, such ascommunications network 620 of FIG. 6A. The communications network 620 ofFIG. 6A may comprise any communication network (or combination ofnetworks) known in the art including, but not limited to: a publicswitched telephone network (PSTN), a data communications network, aTCP/IP network, the Internet, a wireless network, a cellular network, orthe like.

Referring to FIG. 6A, the portable communications device 602 may beconfigured to transmit data to a receiver 630. The data may include themeasurements and/or the biometric markers derived therefrom. As usedherein, information transmitted from the portable communications device602 to the receiver may be referred to as a “monitoring packet” 609. Amonitoring packet 609 may include, but is not limited to: one or moremeasurements obtained using the biometric sensor 604, one or morebiometric markers derived from the measurements, user-identifyinginformation, and the like. The monitoring packet 609 transmitted by theportable communications device 602 may include information relating toand/or obtained from the individual 601.

In some embodiments, the monitoring packet 609 may include information,which may be used to identify the individual 601 and/or reduce thesearch space for the individual 601 by the receiver 630 and/ormonitoring service 632. For example, in a PSTN or cellular network 620,the transmission may include the number (or other addressinginformation) of the portable communications device 602. Transmissionover a data network, such as TCP/IP may include the IP address, mediaaccess layer (MAC) address, hardware address, or the like. Othercommunications networks 620 may include similar information.

The information transmitted over the network 620 may be protected by atransport layer security mechanism, such as encryption (e.g., usingsecure sockets layer (SSL) or another standard), authentication (e.g.,mutually authenticated SSL), or the like. The transport layer securitymay prevent the information transmitted by the device 602 from beingacquired by an unauthorized receiver (e.g., in a man-in-the middleattack).

The receiver 630 may receive the monitoring packet 609 transmitted bythe portable communications device 602. The receiver 630 may includeand/or be communicatively coupled to a monitoring service 632, which maybe configured to monitor one or more individuals, such as the individual601. The receiver 630 and/or the monitoring service 632 may comprise oneor more computing devices (server computers) comprised of one or moreprocessors, memory units, processing units, input/output devices,displays, communications interfaces, and the like.

The receiver 630 may include and/or be communicatively coupled to a datastore 634, comprising information on various individuals. As usedherein, information about an individual that is maintained by thereceiver 630 and/or the monitoring service 632 on the data store 634 maybe referred to as an individual profile 636. Accordingly, an individualprofile 636 may refer to a data structure comprising information aboutan individual 601. The data structure embodying an individual profile636 may be stored on the data store 634, which may include acomputer-readable storage medium. As will be discussed below, anindividual profile 636 may include, but is not limited to: a biometricprofile of the individual 601, the biometric profile comprising one ormore biometric markers and/or measurements of internal, sub-epidermalcharacteristics of the individual 601, measurements received from anindividual 601 over a particular time period, monitoring instructionsfor the individual 601 (e.g., rules, triggers, thresholds, and thelike), indentifying information, and the like.

Access to the information (the individual profiles 636) in the datastore 634 may be protected under various guidelines, such as HealthInsurance Portability and Accountability Act (HIPPA), the PersonalHealth Information Privacy Act (PHIA), or the like. Therefore, themonitoring service 632 and/or the data store 634 may include a securitylayer 633 (discussed below), which may be configured to enforce accesscontrol or other security measures to protect the individual profiles636. The data store 634 may be implemented using any data storage and/ordata management technique known in the art including, but not limitedto: a relational database, an XML database, a directory, a file system,or the like. Accordingly, the data store 634 may include one or morefixed disks, non-volatile memory (Flash memory), volatile memory,optical storage, tape storage, and the like.

As discussed above, an individual profile 636 may include informationrelating to monitoring of an individual 601, and, as such may includebaseline biological measurements of various characteristics of theindividual 601, including, but not limited to: a baseline heartbeatwaveform, hemodynamic waveform, blood pressure, pulse rate, blood oxygenlevel, glucose level, tissue features, and the like. These baselinemeasurements may comprise a biometric profile of the individual 601,which may be used to monitor the individual 601.

The individual profile 636 may further include one or more scripts,rules, and/or triggers (discussed below), which may be used to perform amonitoring function on the user. The monitoring function may beperformed to determine an appropriate action (if any) to take inresponse to a monitoring packet 609 received from the individual 601.

Monitoring packets 609 received by the receiver 630 may be validated(e.g., using transport layer security mechanisms, such as SSL, mutuallyauthenticated SSL, or the like), and forwarded to the monitoring service632. The forwarding may comprise scanning the monitoring packets forviruses, Trojans, or other malicious information or code. The monitoringservice 632 may be protected using various network security features.For example, the receiver 630 may be placed within a network DMZ and maybe separated from the monitoring service 632 by a firewall (not shown)or other network security device.

Upon receiving the monitoring packet 609, the monitoring service 632 maybe configured to identify the individual 601 associated with the packet609, authenticate the identity of the individual 601 and/or theinformation within the packet 609, and perform a monitoring functionusing information within the monitoring packet 609.

The receiver 630 may identify the information using a biometric markerincluded with and/or embedded within the monitoring packet 609. Asdiscussed above, a biometric marker determined by the biometric sensor604 may be substantially unique to the individual 601. Therefore, thebiometric marker may be used to identify the individual 601. Identifyingmay include comparing the biometric marker in the monitoring packet 609to information stored in the data store 634. For example, the biometricmarker may be compared to each individual profile 636 within the datastore 634. The identity to the individual 601 associated with themonitoring packet 609 may be determined by matching an individualprofile 636 to the biometric marker therein (e.g., if the biometricmarker corresponds to the individual profile 636, the identity of thesender of the monitoring packet 609 may be determined.)

In some embodiments, the process of identifying the sender of themonitoring packet 609 may be hierarchical; for example, the packet 609may include plural biometric markers. One or more of the markers may notbe completely unique to the individual 601 (e.g., may exclude fiftypercent of the population). The non-substantially unique biometricmarkers may provide for relatively fast comparisons (e.g., fastcomparisons between the individual profiles 636 and the biometricmarker, as opposed to comparisons involving the substantially uniquebiometric marker(s)). Accordingly, the non-unique biometric marker(s)may be used first to exclude one or more of the individual profiles 636on the data store 634. The unique biometric marker may then be appliedto the remaining profiles 636 until a match is found.

In some embodiments, the search space for a matching individual profile636 may be reduced using user-identifying information within themonitoring packet 609. As discussed above, the monitoring packet 609 mayinclude user-identifying information. The information may have beenprovided by the user (e.g., a user name, email address, PIN, or thelike), and/or may have been included by the transport-layer (e.g., ahardware address, and IP address, a MAC address, or the like). Themonitoring service 632 may use the user-identifying information toreduce the search space within the data store 634. For example,addressing information (such as an IP address, MAC, or the like) may beused to reduce the search space to those individuals that are known tohave a corresponding device and/or address. A relationship orassociation between an individual profile 636 and a device or addressmay be established a priori (e.g., when the individual 601 establisheshis/her profile 636) and/or may be done on an ad hoc basis (e.g., eachtime an individual 601 submits a monitoring packet 609 using a newdevice and/or address, the address may be associated with the individualprofile 636 of the individual 601).

If the individual profile 636 identified using the user-identificationinformation does not correspond to the monitoring packet 609, the restof the individual profiles 636 may be searched as described above. Forexample, if a first user borrows a device owned by a second user totransmit a monitoring packet 609, the user identifying informationincluded with the packet 609 (e.g., IP address, MAC address, etc.) maybe associated with the second user (since the device 602 is typicallyused by the second user). However, the biometric marker in themonitoring packet 609 will not correspond to the individual profile 636of the second user. Upon determining that the user-identifyinginformation did not provide a match, the monitoring service 632 and/orsecurity layer 633 may search the rest of the individual profiles 636(or a subset thereof) to identify the individual profile 636 of thefirst user.

After the individual 601 (and individual profile 636) corresponding tothe monitoring packet 609 has been identified, the monitoring service632 and/or security layer 633 may be configured to authenticate theinformation within the monitoring packet 609. In some embodiments, thepacket 609 may be authenticated in part by the transport layer used totransmit the packet 609 (e.g., by the SSL or mutually authenticated SSLconnection). In addition, the monitoring packet 609 may include one ormore biometric markers. The biometric markers may be compared toinformation in the identified individual profile 636. In someembodiments, the individual profile 636 may include one or morebiometric markers corresponding to the biometric markers transmitted inthe packet 609. The markers may be compared and, if the markerscorrespond to one another (e.g., match within a particular tolerance orthreshold), the markers may be identified as being produced by theindividual 601 (e.g., may be authenticated). Similarly, the individualprofile and/or packet 609 may include one or more baseline measurementsand/or a biometric profile from which a biometric marker may be derived.The derived biometric markers may be compared for a match.

In some embodiments, the authentication may include a challenge/responseinteraction. Responsive to identifying the individual profile 636associated with the monitoring packet 609, the monitoring service 632and/or security layer 633 may transmit a challenge message 611 to theportable communications device 602. The challenge 611 may require thatthe individual 601 provide a particular authentication credential (e.g.,a digital signature), a password, or the like. Alternatively, or inaddition, the challenge 611 may request a particular biometric marker orbiological measurement. For example, the challenge 611 may request ahemodynamic waveform of the user, a blood vessel pattern of the user, orthe like. The monitoring service 632 and/or security layer 633 mayselect the biometric marker or measurement for the challenge 611 from aset of measurements that the biometric sensor 604 is capable ofacquiring. The selection may be random or may follow a predeterminedpattern. The selection of the particular biometric marker and/ormeasurement may prevent a replay or similar attack. In response to thechallenge 611, the processing module (607 in FIG. 6B) may be configuredto obtain the requested biometric marker and/or measurement using thebiometric sensor 604. As shown in FIG. 6A, a response 613 to thechallenge may then be transmitted to the receiver 630 via the network620. The monitoring service 632 and/or security layer 633 may validatethe response 613 to the challenge 611 and, if the response 613 isvalidated, may authenticate the individual 601.

The challenge/response procedure described above may not be required inevery case. Accordingly, in some embodiments, the monitoring service 632and/or security layer 633 may authenticate the monitoring packet 609and/or the identity of the individual 601 on the basis of the biometricmarker(s) within the monitoring packet 609. In some embodiments, themonitoring service 632 and/or security layer 633 may determine whetherto perform a challenge/response procedure according to the contents ofthe monitoring packet 609. For example, if the monitoring packet 609includes a “weak” biometric marker (not particular unique to theindividual 601), a challenge/response may be issued. Similarly, if themonitoring packet 609 is received from a device, location, and/oraddress that has not been used by the individual 601 in the past (e.g.,the individual 601 is using a new communications device 602 for themonitoring), a challenge/response procedure may be followed. However, ifseveral strong biometric markers and/or measurements are provided in themonitoring packet 609, no challenge 611 may be issued.

After authenticating the monitoring packet 609, the monitoring service632 may perform a monitoring function. The monitoring function may bedefined in one or more scripts, rules, and/or triggers. A monitoringscript may compare the one or more measurements within the monitoringpacket 609 to one or more baseline measurements of the individual 601,to one or more thresholds, or the like. The results of the comparisonsmay be evaluated by one or more rules and/or triggers.

A rule may specify a particular action in response to a particularmeasurement and/or deviation between a measurement and an establishedbaseline of the individual 601. For example, if a hemodynamic waveformmeasurement in the packet 609 exceeds a particular threshold (e.g., asystolic and/or diastolic pressure threshold) a first action may betriggered by the monitoring service 632. If a heartbeat waveformmeasurement in the monitoring packet 609 shows a divergence from abaseline measurement (e.g., exhibits an abnormal rhythm or the like) asecond action may be triggered. In another example, if the blood oxygenlevel of the individual 601 shows a divergence from the establishedbaseline of the individual 601, a third action may be triggered, and soon.

The triggers associated with the individual profile 636 may determinethe nature of the actions taken by the monitoring service 636 inresponse to the rules discussed above. The triggers may define variousdifferent thresholds, each of which may result in a different actiontaken by the monitoring service 632. For example, if the divergencebetween the hemodynamic waveform exceeds a threshold by a small mount,the trigger may determine a first action, if the threshold is exceededby a larger amount a second action may be taken, and so on. Forinstance, a small divergence in a blood pressure measurement may triggeran alert to the individual 601 to take a particular action (e.g., reduceactivity level, control stress, etc.). The alert may be transmitted fromthe monitoring service to the individual 601 via the portablecommunications device 602 or some other device or address (e.g., emailaddress, SMS message, voice message, or the like). The alert may includean audible alarm, vibration, or other alerting mechanism provided by themobile communications device 602 (e.g., a ringtone or the like).Alternatively, or in addition, heath care providers responsible for thecare and/or monitoring of the individual 601 may be notified (e.g., adoctor or other health care provider 641), a health care entity 640(discussed below), or the like). If a more significant divergence isobserved, a different response from the monitoring service 632 may betriggered. For example, the individual 601 may be alerted to seekmedical attention immediately (e.g., via the portable communicationsdevice 602 or the like), medical response personnel may be dispatched tothe individual 601 (e.g., in an ambulance response or less urgent methodif appropriate).

The triggers discussed herein may be adapted to provide any number ofdifferent responses to any number of different conditions. For example,a rule and/or trigger may include multiple measurements, such as acombination of pulse rate and pressure. A rule or trigger may beactivated responsive to changes in both measurements (e.g., a divergencein both measurements may indicate a more serious condition than a changein a single measurement). In addition, a combination of changes may becapable of detecting more subtle changes within the measurements. Forinstance, a serious condition may be detected by small changes in aplurality of measurements as opposed to waiting for a more significantchange in a single measurement.

In some embodiments, a rule and/or trigger may specify a change to themonitoring of the individual 601. For example, a trigger may indicatethat a different set of measurements are required for proper monitoring(e.g., may require a hemodynamic waveform). Accordingly, a trigger maytransmit a reconfiguration message to the portable communications device602 to configure the device to include the additional measurement(s) insubsequent monitoring packets 609. Similarly, a trigger may indicatethat one or more measurements are redundant or unnecessary and acorresponding reconfiguration message may be transmitted.

In some embodiments, an individual 601 may provide monitoring packets609 at a particular interval. The individual 601 may be reminded toprovide the measurements by the portable communications device 602(e.g., via a prompt issued by the device via a ring, message, or thelike). Alternatively, or in addition, the prompt may be provided by themonitoring service 632 by way of a reminder message. A trigger or ruleassociated with the individual profile 636 may modify the frequency ofthe monitoring according to the measurements provided by the individual601. For instance, if a trigger or rule indicates a slight divergencefrom a particular baseline or threshold, the monitoring frequency may beincreased. Alternatively, if the user has provided steady measurementsfor a particular time period, the monitoring frequency may be decreased,and so on.

In some embodiments, the monitoring service 632 may determine that anadditional measurement is required right away. For example, a firstmeasurement may be indicative of a particular condition or health state.The monitoring service 632 may determine (according to a particulartrigger or rule) that in order to verify the condition or heath state,one or more additional measurements are required. Accordingly, themonitoring service 632 may issue a request to the portablecommunications device 602 to cause the device to prompt the individual601 to provide the requested measurement.

Although the monitoring service 632 is described as using a particularmonitoring function comprising scripts, rules, and/or triggers, themonitoring service 632 described herein is not limited in this regard.The monitoring service 632 could be adapted to use any monitoringtechnique and/or methodology known in the art.

The monitoring service 632 may be communicatively coupled to a healthcare entity 640. The entity 640 may represent a doctor, group ofdoctors, a health maintenance organization, healthcare cooperative, ahospital, a clinic, or the like. The monitoring service 632 may providethe health care entity 640 with information regarding individuals in thecare of the health care entity 640. Accordingly, personnel and/orautomated systems within the entity 640 may have access to one or moreportions of one or more individual profiles 636 available on the datastore 634 (e.g., measurements obtained from the individual 601 via thedevice 602). The information may include, but is not limited to: ahealth state of the individual 601 (as determined by the monitoringservice 632), the scripts, rules, and/or triggers of the individual 601,historical measurement readings, or the like. Access to the informationin the individual profile 636 may be controlled by the security layer633 to conform to one or more sets of regulations (e.g., HIPPA or thelike).

In some embodiments, the health care entity 640 and/or authorizedpersonnel of the entity, such as a health care provider 641, may beallowed to modify the individual profile 636 of the individual 601. Themodifications may include changing the nature of the monitoringperformed by the monitoring service 632, changing the types ofmeasurements requested from the individual 601, and the like. Forinstance, the health care entity 640 (or health care provider 641) maydefine the types of measurements to be obtained from the individual 601,the frequency at which the monitoring should be performed, and the like.In addition, the health care entity 640 may modify the script, rules,and/or triggers associated with the individual 601. For example, thehealth care entity 640 may define conditions, which may cause themonitoring service 632 to contact or alert the entity 640 (e.g., definethe thresholds, etc. evaluated by the monitoring service 632). In otherembodiments, the monitoring service 632 itself (or personnel of themonitoring service 632 may perform these functions).

The individual 601 may have access to portions of his/her individualprofile 636. The access may be provided via the network 620. Forexample, the monitoring service 632 and/or the receiver 630 may includeand/or be communicatively coupled to a web server or other servercomputing device (e.g., the receiver 630 may include a web server and/orbe communicatively coupled to a separate web server computing device(not shown)). The individual 601 may access the web server using acommunications device (e.g., personal computer, cellular phone, PDA, orthe like). The individual 601 may authenticate his/her identity to theweb server (e.g., using a biometric marker as described above or usingother means for authentication, such as a password, certificate,credential, or the like). After authenticating the identity of theindividual 601, the web server may provide an interface configured todisplay portions of the individual profile 636. In some embodiments, theindividual 601 may access the measurements obtained via the portablecommunications device 602, access any alerts and/or triggers that havebeen detected by the monitoring service 632, and so on. Alternatively,or in addition, information derived from the measurements, such ashealth state, calories burned, or the like, may be displayed.

In some embodiments, the individual 601 may be allowed to modify his/herindividual profile 636 through the interface. For instance, theindividual 601 may change frequency he/she is reminded to providemonitoring information, change the types of measurements obtained by thebiometric sensor 604, and so on.

FIG. 7 is a flow diagram of one embodiment of a method for securelymonitoring an individual using a portable communications devicecomprising a biometric sensor. The method 700 may comprise one or moremachine executable instructions stored on a computer-readable storagemedium. The instructions may be configured to cause a machine, such as acomputing device, to perform the method 700. In some embodiments, theinstructions may be embodied as one or more distinct software modules onthe storage medium. One or more of the instructions and/or steps ofmethod 700 may interact with one or more hardware components, such ascomputer-readable storage media, communications interfaces, or the like.Accordingly, one or more of the steps of method 700 may be tied toparticular machine components.

At step 710, a biometric sensor coupled to a communication device mayobtain one or more biological measurements of an individual. One or moreof the measurements may correspond to internal, sub-epidermalcharacteristics of the individual, such as non-volitional processesoccurring within the individual, sub-epidermal structure within theindividual, or the like.

The biometric sensor may be configured to obtain measurements from theindividual each time the individual utilizes the communication device.The measurements may be acquired non-invasively while the individualuses the communications device (e.g., makes a call, browses theInternet, authors an email or text message, and so on). The measurementsmay be obtained at a particular interval (e.g., every four hours).Accordingly, each time the user access the device, the interval may beevaluated and, if the interval has expired, the measurements may beobtained. In some embodiments, an alert may be issued after the internalhas expired to prompt the user (e.g., via an audible tone, message,email, or the like) to utilize the communications device to provide themeasurements.

As described above, the measurements obtained at step 710 may beacquired using an active sensor and/or a passive sensor. The sensors maybe coupled to the communications device, such that as the individualuses the communications device, the sensors may be capable of obtainingthe measurements from the user. In some embodiments, the communicationsdevice may be adapted to prompt the user to hold the communicationsdevice in a certain way to allow the sensors to obtain the measurements.For example, a cellular telephone may include an electrode on thesurface of the phone and the individual may be prompted to place theelectrode on contact with his/her forehead as the individual uses thedevice. Similarly, the cellular phone may include an emitter (e.g., asshown in FIG. 1), which may be adapted to receive the finger or otherappendage of the individual.

At step 720, one or more biometric markers may be derived from themeasurements as described above. One or more of the biometric markersderived at step 720 may be substantially unique to the individual,whereas other biometric markers may be less unique and/or may beindicative of biological activity of the individual (e.g., indicate thatanother biometric marker was obtained from a live human).

At step 730, one or more of the biometric markers derived at step 720and/or one or more the measurements obtained at step 710 may betransmitted to a receiver using the communications device. As discussedabove, the transmission may be made over any communications networkknown in the art (e.g., PSTN, TCP/IP, Internet, wireless network, or thelike). As described above, the information transmitted at step 730 (thebiometric marker(s) and measurement(s)) may be referred to as a“monitoring packet.”

The transmission of step 730 may make use of various transport layersecurity techniques, such as encryption, authentication, and the like(e.g., SSL, mutually authenticated SSL, etc.). The transport levelsecurity may prevent the monitoring packet from being acquired by anunauthorized receiver (e.g., in a man-in-the middle attack).

In some embodiments, the monitoring packet may include information thatmay be used to identify the individual and/or reduce the search spacerequired to identify the individual (in addition to the biometricmarker(s) and measurement(s)). As described above, the information maybe provided by the individual himself, may be provided by the transportlayer, and/or may be embedded within the communications device used totransmit the monitoring packet. The user-identifying information mayinclude, but is not limited to: a user name, a PIN, an email address, ahardware address, a MAC address, an IP address, and so on. Theuser-identifying information may be provided by the individual and/ormay be automatically included in the monitoring packet without userintervention.

At step 740, a monitoring system may receive the monitoring packettransmitted at step 730.

At step 750, the monitoring service may identify an individualassociated with the monitoring packet. The identification may be basedupon the biometric marker(s) and/or measurement(s) in the monitoringpacket. In addition, and as described above, additional user-identifyinginformation may be used to identify the individual and/or reduce thesearch space for the individual.

As described above, identifying the individual may comprise associatingthe monitoring packet with an individual profile, an individual account,or other data structure associated with the individual (“individualprofile” hereafter). The individual profile may include variousmonitoring information about the user including, but not limited to: oneor more pre-established biometric markers of the individual, baselinemeasurements of the individual, monitoring scripts, rules, and/ortriggers, and so on. The identification of step 750 may result inidentifying a particular individual profile associated with themonitoring packet. Therefore, at step 755, the method 700 may determinewhether a single individual has been identified and, if so, the flow maycontinue to step 760; otherwise, if an individual is not identified, theflow may continue to 755.

At step 755, a return message may be transmitted to the communicationsdevice that transmitted the monitoring packet. The message may indicatethat no individual profile having the provided biometric marker,measurements, and/or user-identifying information could be found. Themessage may allow the individual to establish a new individual profilewith the monitoring service. The message may provide relevant linksand/or contact information to allow the individual to contact themonitoring service and/or a health care entity (discussed below) forfurther assistance. The flow may then continue to step 790.

At step 760, the monitoring service may authenticate the monitoringpacket. Authenticating the monitoring packet may include verifying thatthe packet was sent by and/or authorized by the individual identified atstep 755. The authentication of step 760 may include comparing thebiometric marker(s) within the monitoring packet to one or morebiometric marker(s) and/or measurements within the individual profileidentified at step 755. If the biometric marker(s) correspond to theidentified individual profile, the monitoring packet may beauthenticated.

In some embodiments, the authentication of step 760 may include achallenge/response. Accordingly, at step 760, the monitoring service mayissue a challenge to the sender of the monitoring packet (e.g., to thedevice from which the monitoring packet was received). The challenge mayrequest that the individual provide a particular measurement orbiometric. The monitoring service may receive a response to thechallenge, which, if validated, may authenticate the monitoring packet.

If the monitoring packet is authenticated, the flow may continue to step770; otherwise, the flow may continue to step 755.

At step 770, a monitoring function may be performed. The monitoringfunction may be provided by the method 700 or another entity, such as aheath care provider entity, or the like. The monitoring function of step770 may comprise performing a script associated with the individualprofile as discussed above. The script may compare one or moremeasurements within the monitoring packet to one or more rules,triggers, and the like. Responsive to the comparisons, one or moreactions may be taken including, but not limited to: transmitting analert to the individual (e.g., via the communication device or byanother mechanism); alerting a health care provider entity; dispatchinga medical response to the individual; updating a record (e.g.,individual profile) of the individual; transmitting information to theindividual (e.g., including a summary of the health state of theindividual as indicated by the measurements within the monitoringpacket); or the like.

At step 780, an individual profile of the individual may be updated. Theupdating may include storing the measurement(s) and/or biometricmarker(s) received in the monitoring packet in a computer-readablestorage medium (e.g., in an individual profile). The measurement(s) maybe used to update one or more baseline measurements of the individual.Similarly, the biometric marker(s) may be used to update and/or modifythe biometric markers in the profile. In this way, the individualprofile may reflect gradual changes to the measurements obtained fromthe individual. The original measurement(s) and/or biometric marker(s)may be retained in the profile and/or used for monitoring and/ordiagnostic purposes (e.g., to identify trends which may be indicative ofa particular health state or condition). The flow may then continue tostep 790.

At step 790 the method 700 may terminate until another set ofmeasurements is acquired and/or received (at steps 710 and/or 740).

The above description provides numerous specific details for a thoroughunderstanding of the embodiments described herein. However, those ofskill in the art will recognize that one or more of the specific detailsmay be omitted, or other methods, components, or materials may be used.In some cases, operations are not shown or described in detail.

Furthermore, the described features, operations, or characteristics maybe combined in any suitable manner in one or more embodiments. It willalso be readily understood that the order of the steps or actions of themethods described in connection with the embodiments disclosed may bechanged as would be apparent to those skilled in the art. Thus, anyorder in the drawings or Detailed Description is for illustrativepurposes only and is not meant to imply a required order, unlessspecified to require an order.

Embodiments may include various steps, which may be embodied inmachine-executable instructions to be executed by a general-purpose orspecial-purpose computer (or other electronic device). Alternatively,the steps may be performed by hardware components that include specificlogic for performing the steps or by a combination of hardware,software, and/or firmware.

Embodiments may also be provided as a computer program product includinga computer-readable medium having stored thereon instructions that maybe used to program a computer (or other electronic device) to performprocesses described herein. The computer-readable medium may include,but is not limited to, hard drives, floppy diskettes, optical disks,CD-ROMs, DVD-ROMs, ROMs, RAMs, EPROMs, EEPROMs, magnetic or opticalcards, solid-state memory devices, or other types ofmedia/machine-readable medium suitable for storing electronicinstructions.

As used herein, a software module or component may include any type ofcomputer instruction or computer executable code located within a memorydevice and/or transmitted as electronic signals over a system bus orwired or wireless network. A software module may, for instance, compriseone or more physical or logical blocks of computer instructions, whichmay be organized as a routine, program, object, module, data structure,etc., that perform one or more tasks or implements particular abstractdata types.

In certain embodiments, a particular software module may comprisedisparate instructions stored in different locations of a memory device,which together implement the described functionality of the module.Indeed, a module may comprise a single instruction or many instructions,and may be distributed over several different code segments, amongdifferent programs, and across several memory devices. Some embodimentsmay be practiced in a distributed computing environment where tasks areperformed by a remote processing device linked through a communicationsnetwork. In a distributed computing environment, software modules may belocated in local and/or remote memory storage devices. In addition, databeing tied or rendered together in a database record may be resident inthe same memory device, or across several memory devices, and may belinked together in fields of a record in a database across a network.

It will be understood by those having skill in the art that many changesmay be made to the details of the above-described embodiments withoutdeparting from the underlying principles of the disclosure.

1. A method for acquiring biometric measurements of an individual usinga portable communications device having an integral biometric sensorcomprising an energy emitter and an energy sensor, the methodcomprising: measuring a plurality of internal, sub-epidermalcharacteristics of an individual using the biometric sensor by,transmitting one or more energy signals into the individual using theenergy emitter, receiving one or more energy signals responsive to thetransmitting using the energy sensor, and determining a plurality ofmeasurements of internal, sub-epidermal characteristics of theindividual using the received energy signals; transmitting one or moreof the internal, sub-epidermal characteristics of the individual to areceiver via a network; receiving a request for a measurement of aparticular biometric characteristic from the receiver in response to thetransmitting; and transmitting a measurement of the requested biometriccharacteristic acquired by use of the biometric sensor to the receiver.2. The method of claim 1, further comprising: deriving a biometricmarker from one or more of the plurality of measurements; andtransmitting the biometric marker to the receiver using the portablecommunications device.
 3. (canceled)
 4. The method of claim 2, whereinthe biometric marker and the measurement of the requested biometriccharacteristic are encrypted for transmission over the network. 5.(canceled)
 6. The method of claim 1, further comprising: responsive tothe request, acquiring the measurement of the particular biometriccharacteristic using the biometric sensor.
 7. The method of claim 2,wherein the receiver performs a monitoring function using thetransmitted measurements, the method further comprising receivinginstructions from the receiver responsive to the monitoring.
 8. Themethod of claim 7, further comprising receiving an alert from thereceiver responsive to the monitoring.
 9. The method of claim 8, whereinthe alert comprises the portable communications device emitting an audioalert.
 10. The method of claim 8, wherein the alert comprises theportable communications device vibrating.
 11. The method of claim 1,wherein the portable communications device is one of a cellulartelephone, a personal digital assistant, a laptop computer, and a mediaplayer.
 12. The method of claim 2, further comprising: identifyinginformation describing the individual using the transmitted biometricmarker; and performing a monitoring function using the transmittedmeasurements.
 13. The method of claim 12, wherein the informationdescribing the individual comprises an individual profile stored on acomputer-readable storage medium, the individual profile comprising oneor more individual profile measurements corresponding to measurementspreviously received from the individual.
 14. The method of claim 13,further comprising authenticating the transmitted measurements using thebiometric marker.
 15. The method of claim 14, wherein the informationdescribing the individual comprises a stored biometric marker, andwherein authenticating the measurements comprises comparing thebiometric marker to the stored biometric marker.
 16. The method of claim14, wherein the information describing the individual comprises abiometric profile of the individual, and wherein authenticating themeasurements comprises comparing the biometric marker to the biometricprofile.
 17. (canceled)
 18. The method of claim 13, further comprisingrecording the measurements in the individual profile.
 19. The method ofclaim 13, further comprising: comparing the transmitted measurements toone or more thresholds defined in the individual profile; andtransmitting an alert to the portable communications device when one ormore of the transmitted measurements diverge from the one or morethresholds.
 20. The method of claim 13, further comprising: comparingthe transmitted measurements to one or more thresholds defined in theindividual profile; and transmitting an alert to a health care providerwhen one or more of the measurements diverge from the one or morethresholds.
 21. The method of claim 1, wherein one of the plurality ofinternal, sub-epidermal characteristics corresponds to a non-volitionalprocess occurring within the individual.
 22. The method of claim 1,wherein one of the plurality of internal, sub-epidermal characteristicsis a heartbeat waveform.
 23. The method of claim 21, wherein one of theplurality of internal, sub-epidermal characteristics is a hemodynamicwaveform.
 24. The method of claim 21, wherein one of the plurality ofinternal, sub-epidermal characteristics is a histological structurewithin the individual.
 25. A system for obtaining biometricmeasurements, comprising: a portable communications device capable oftransmitting and receiving information on a communications network, theportable communications device comprising, an integral biometric sensor,the integral biometric sensor comprising, an energy emitter configuredto transmit one or more energy signals towards an individual, the energysignals configured to measure internal, sub-epidermal characteristics ofthe individual, an energy receiver configured to detect one or moreenergy signals responsive to the transmitting, and a processing modulecommunicatively coupled to the biometric sensor and configured todetermine from the received energy signals, measurements of one or moreinternal, sub-epidermal characteristics of the individual, wherein theprocessing module is configured to derive one or more biometric markersfor the individual using one or more of the measurements, to transmitthe one or more biometric markers to a receiver, and to transmit one ormore measurements of specified biometric characteristics of theindividual in response to a request for the specified biometriccharacteristics from the receiver.
 26. The system of claim 25, whereinthe portable communications device is configured to activate responsiveto the processing module deriving the one or more biometric markers, andwherein activating the portable communications device comprisestransmitting a monitoring packet to a receiver on the communicationsnetwork.
 27. The system of claim 26, wherein the monitoring packetcomprises one or more of the derived biometric markers and one or moreof the measurements of internal, sub-epidermal characteristics of theindividual.
 28. The system of claim 27, further comprising a monitoringservice configured to receive the monitoring packet from thecommunications device, the monitoring service comprising, acomputer-readable storage medium comprising one or more informationprofiles, each information profile corresponding to an individual, and asecurity layer configured to associate the monitoring packet with anindividual profile using the monitoring packet, wherein the monitoringservice is configured to perform a monitoring function for theindividual using the individual profile associated with the monitoringpacket and the measurements received in the monitoring packet.
 29. Thesystem of claim 28, wherein the security layer is configured toauthenticate the monitoring packet using the one or more biometricmarkers in the monitoring packet.
 30. The system of claim 29, whereinauthenticating the monitoring packet comprises comparing the one or morebiometric markers in the monitoring packet to a biometric profile in anindividual profile.
 31. The system of claim 29, wherein the securitylayer is configured to authenticate the individual by causing achallenge to be transmitted to the portable communications device, thechallenge specifying a measurement of an internal, sub-epidermalcharacteristic of the individual, receiving the specified measurementfrom the portable communications device, and comparing the specifiedmeasurement to a biometric profile in an individual profile.
 32. Thesystem of claim 28, wherein the monitoring function comprises themonitoring service comparing a selected measurement received in themonitoring packet to a respective threshold defined in the individualprofile associated with the monitoring packet.
 33. The system of claim32, wherein the monitoring function comprises transmitting an alert tothe portable communications device when the selected measurementdiverges from the threshold.
 34. The system of claim 32, wherein themonitoring function comprises transmitting an alert to a health careentity when the selected measurement diverges from the threshold. 35-40.(canceled)